Better Auth


Join the community to ask questions about Better Auth and get answers from other members.


bug-reports

help

Export disappeared

import { type UserWithRole } from 'better-auth/plugins';
This export suddenly disappeared from the library, why did it get private?...
Solution:
I'm not sure why it got private, but I do think it's better practice to use the inferred User from your auth instance as that should include role if you're using the admin plugin

Custom error when user has a Google account but no credentials account.

Hey all! I have a small problem with my app. How can I show the user that they can't log in with email/password because they already created an account using Google? Thanks!...
Solution:
this could be achieved with db hooks https://www.better-auth.com/docs/concepts/hooks...

Tauri (or Electron) auth advice

I'd like to get opinions about auth (using better-auth). If there is no option to use a cookie session, would you say that storing a JWT (instead of a cookie) in local storage is safe or unsafe? I spent a lot of time reading articles and digging into this with ChatGPT and Claude, but so far I got only vague solutions. It's said that keeping a JWT in local storage is prone to XSS, yet I have seen countless applications that do that, like nobody cares...

role assignment during registration

Is there a recommended way to handle role assignment during registration and then have an admin approve or reject that role before the user can access their dashboard or permissions? Any advice, best practices,...

Magic link

I have never set this up before so I am a little bit confused about how to implement it. In the docs it says to have a server.ts and from my understanding this is just your regular auth.ts file you initially create when setting up better-auth? Then we would have something like resend or nodemailer and a server action that actually gets your email address from the form itself and send out a link to login? Or am I over complicating it for myself. Any help here would highly be appreciated...

Session from MCP call

I have a function in my server code that automatically filters by logged-in user. That's easy with const session = auth.api.getSession({ headers }), and from there I grab the userId. Now I want to call the same function but from an MCP server. This time session will be undefined. I see I can use auth.api.getMcpSession({ headers }) to get the userId from an MCP call and this works fine....

Can’t send verification emails after upgrading

Getting this error after upgrading from better-auth version 1.2.7: YOU_CAN_ONLY_SEND_A_VERIFICATION_EMAIL_TO_AN_UNVERIFIED_EMAIL

How to do custom actions on after normal sign up and Google

I have an app where, when a user creates an account, it should create an org and assign the user to that org. I am trying to find a good way to do it, but it is not that obvious, since signing in with Google does not specify whether it is a login or a sign-up. I have seen the webhooks but was not able to understand how to use them (I understood the concept only). Has anyone ever done something similar or have any idea? Thanks
Solution:
Most cases with creating orgs on signup (including social provider signups), we recommend just doing it in a database hook: https://www.better-auth.com/docs/concepts/database#1-before-hook From here, you create the org and assign the user to it....

Anonymous users cannot sign in again anonymously... but you can?

When you authClient.signIn.anonymous() while already having an anonymous session, you get a bad request error. This is intentional of course. However, a new anonymous user is still created, with a session, and the better-auth.session_token cookie is also updated. So either, the 400 error is nonsense because everything works properly. Or, the error is correct but all the logic is still executed. ...

"superadmin" to bypass organization membership checks

Hey all, I'm working with better-auth and have noticed all of the organization methods check that the acting user is a member of that org first. This to me is an issue, as if the user is an admin/has valid permissions I want them to be able to act against orgs without them being a member - https://github.com/better-auth/better-auth/blob/main/packages/better-auth/src/plugins/organization/routes/crud-invites.ts#L180 Can we better leverage perms here as a feature request?...

Organization management for platform admins?

Hi, Is there a way to manage the organizations in the system much like with the admin plugin? I mean a platform administrator on the client-side lists and manages all the available organizations? Are there any plans to extend the admin plugin to work over the organizations and other entities/plugins (e.g: sso-providers)?...

onboarding wizard: handle custom fields on session and caching session

Hi. I'm a new Next.js dev and interested in using Better Auth in this project. I'm currently having trouble understanding and finding a solution about sessions. Here is what I want to achieve:
- When the app is freshly built, there will be a default superadmin account (I implement my own role management, not using the admin or organization plugin).
- When the superadmin logs in, the user needs to do a first setup wizard, and while this setup is not completed, we can't access any route until setup is completed.
Problem:...

How to scope MCP access tokens to a specific organization?

Hello! I am using both the Organization and the MCP plugins. I would like my MCP access tokens to be scoped to a specific organization and not give access to all organizations of a user. The flow I was envisioning is to have the user login if not already the case, then go to org selection page before the authorization was done, but couldn't find how to achieve this. ...

Passkey check

Hello there... how would I check whether the user's device/browser has a registered passkey?

How to Retrieve Session in Next.js RSC Without Getting 401 (Next.js + Hono Integration)

Hi, I'm building a full-stack app using Next.js for the frontend and Hono.js for the backend, running on separate ports in development (localhost:3000 for Next.js and localhost:8787 for the Hono server with Better Auth). I’m using the following logic on the client side to get the current user:...

Issues signing in with SSO

Hello. I register my SSO Provider using the OIDC config in the authClient.sso.register function, and I get the data stored in the database in the format of ```json { "_id": { "$oid": "688132034fd131f8a55b9c4a" },...

Session is set to www domain

How do I fix this? I need the cookie to work for either www.domain.com or the domain.com as well. I know how to do it in normal sessions but don't know how to set this in better auth

Custom JWKS endpoint?

Hi, I've been integrating a provider (Web3Auth) and they only provide a JWKS endpoint where they return an identity token, no token/discovery/userinfo endpoints. Does better-auth support that? It seems like the generic auth kind of works with it, but I can't find a way of providing a custom JWKS endpoint instead of the discovery URL.

Polar plugin

Hey! So I am trying to use the better auth polar plugin but when I try to do the customer portal, I get this error. Any idea why this happens, am I doing something wrong?

Multisession orgs list for different accounts

Docs: https://www.better-auth.com/docs/plugins/multi-session Here, how can I see only the orgs of the account it belongs to? I mean, currently the list is listing orgs from the active session account by default. By the way, I am using multisession and can't find any inbuilt way of doing it....